A computerized machine on a network may be configured to accept or reject communications from various other machines on the network. For example, it is desirable to reject packets or connections coming into a machine, as early as possible, from nodes that are not allowed access by any application or feature on that machine. However, the policy to decide which machines are allowed access is typically dictated by applications and features at upper layers of a protocol stack (e.g., an application layer). In typical scenarios, applications read data and discard packets or connections based on the configured rules and policies.